WiredWX Christian Hobby Weather Tools
Missing file C:\WINDOWS\system32\dllcache\cdrom.sys, not able to use the cd rom

Hi there!
I've got a problem and I don't know how to fix it. I guess you might help me.
See, I've got this virus: Protector.I Virus, hidden in the file called C:\WINDOWS\system32\drivers\cdrom.sys. I've tried to get it cleaned or deleted with ESET NOD antivirus but it didn't work. I've deleted the file manually, but the file restored itself each time I've restarted my computer, but (ATTENTION!) without virus in it. After a while, I've got one pop-up telling me that the virus is back in C:\WINDOWS\system32\drivers\cdrom.sys, and that the event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe. This problem kept on appearing all day long. Finally, after I've tried many ways to get the problem fixed, I've received a pop-up telling me that the virus is back in C:\WINDOWS\system32\dllcache\cdrom.sys, and that the event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe. Couldn't get the file cleaned by the ESET NOD, so I've tried to delete it. It worked. So now I don't have any more viruses and the file C:\WINDOWS\system32\drivers\cdrom.sys is back in its place and cleaned.
The problem is that now I can't "see" my cd rom unit anymore... I can't try anything, 'cause I don't find the folder C:\WINDOWS\system32\dllcache, so that I can see/cure/replace the file C:\WINDOWS\system32\dllcache\cdrom.sys. I guess it doesn't even exist, it's kind of temporary folder... Or am I wrong? Sorry, I'm not that good in computers.
So, would you please help me get the problem fixed? Thank you very much!
So would you please

Re: Missing file C:\WINDOWS\system32\dllcache\cdrom.sys, not able to use the cd rom

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

............................................................................................

Site Admin / Security Administrator

- Please PM me if I fail to respond within 24hrs.

Re: Missing file C:\WINDOWS\system32\dllcache\cdrom.sys, not able to use the cd rom

Hello again! Thanks a lot for caring!
Well, I've done what you've said to me. Here are the results:

OTL.txt:

OTL logfile created on: 7/1/2010 11:21:11 AM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = D:\VIVA\Muzica\Muzica net\Muzica\WWW LA ZI
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

991.00 Mb Total Physical Memory | 575.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.68 Gb Total Space | 2.01 Gb Free Space | 10.22% Space Free | Partition Type: NTFS
Drive D: | 17.59 Gb Total Space | 2.19 Gb Free Space | 12.46% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC404
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/01 10:23:18 | 000,574,464 | ---- | M] (OldTimer Tools) -- D:\VIVA\Muzica\Muzica net\Muzica\WWW LA ZI\OTL.exe
PRC - [2010/04/01 20:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/11 13:53:35 | 000,378,376 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\converter\RealConverter.exe
PRC - [2010/03/11 13:50:19 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/01/08 01:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2009/12/16 23:18:34 | 000,806,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/12/16 23:18:24 | 002,136,760 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/02 16:59:20 | 003,461,120 | ---- | M] () -- C:\Program Files\SoulseekNS\slsk.exe
PRC - [2006/03/01 16:22:04 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005/03/14 23:35:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\hpzipm12.exe
PRC - [2004/08/04 03:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2000/10/26 16:21:58 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hpnra.exe


========== Modules (SafeList) ==========

MOD - [2010/07/01 10:23:18 | 000,574,464 | ---- | M] (OldTimer Tools) -- D:\VIVA\Muzica\Muzica net\Muzica\WWW LA ZI\OTL.exe
MOD - [2004/08/04 03:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 02:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/01/08 01:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009/12/16 23:19:48 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/12/16 23:18:34 | 000,806,000 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/10/27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/03/14 23:35:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009/12/16 23:18:56 | 000,095,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/12/16 23:18:28 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/12/16 23:17:00 | 000,138,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/10/06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 12:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 12:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/09/24 14:38:42 | 000,022,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2009/09/24 06:40:12 | 000,019,592 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2009/06/17 15:01:42 | 000,025,480 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006/04/21 11:16:44 | 003,964,352 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 01:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2001/08/17 15:50:34 | 000,166,720 | ---- | M] (S3 Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3m.sys -- (s3m)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.ro/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {9b5612b3-3786-4e7e-af06-2ace545e6a97}:1.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/11 13:56:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/12/21 14:49:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/19 12:43:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/29 10:59:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/03/24 16:57:37 | 000,000,000 | ---D | M]

[2009/09/15 10:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2010/06/30 18:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\k0osh9ig.default\extensions
[2010/04/08 09:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\k0osh9ig.default\extensions\{9b5612b3-3786-4e7e-af06-2ace545e6a97}
[2010/04/07 16:43:40 | 000,002,052 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\k0osh9ig.default\searchplugins\dex-online.xml
[2010/06/30 11:26:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/19 10:09:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/29 10:59:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/06/30 11:15:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [HP Network Registry Agent] C:\WINDOWS\system32\hpnra.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.14.6.100 193.16.148.10
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Application Data\ACD Systems\ACDSee\ACD Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Application Data\ACD Systems\ACDSee\ACD Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/27 00:39:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/30 13:25:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/30 11:09:06 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/30 11:07:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/30 11:07:17 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/30 11:07:17 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/30 11:07:17 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/30 11:07:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/30 11:06:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/29 14:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2010/06/29 14:34:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/29 14:31:53 | 000,049,536 | ---- | C] (Microsoft Corporation) -- C:\cdrom.sys
[2010/06/29 10:59:46 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/29 10:59:46 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/29 10:59:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/29 10:59:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/06/29 10:12:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/06/08 13:07:51 | 000,000,000 | ---D | C] -- C:\Mozilla
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/01 11:18:18 | 015,204,352 | ---- | M] () -- C:\Documents and Settings\user\NTUSER.DAT
[2010/07/01 11:15:48 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\user\Desktop\2003.lnk
[2010/07/01 11:15:26 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-688789844-682003330-1004.job
[2010/07/01 11:15:25 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-688789844-682003330-1004.job
[2010/07/01 10:37:18 | 000,000,222 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010/07/01 09:54:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/01 09:54:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/01 09:54:16 | 1039,585,280 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/30 19:27:14 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2010/06/30 11:15:49 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/30 11:15:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/30 11:09:11 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/06/30 10:56:26 | 003,724,003 | R--- | M] () -- C:\Documents and Settings\user\Desktop\Combo-Fix.exe
[2010/06/29 14:13:50 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Revo.lnk
[2010/06/28 13:14:37 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\user\Desktop\PDF 3.lnk
[2010/06/28 09:43:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/15 09:41:55 | 000,696,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/14 16:10:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/14 16:10:40 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/14 16:00:26 | 000,006,670 | ---- | M] () -- C:\WINDOWS\fnerr.dat
[2010/06/14 14:10:51 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Scoatere de la intretinere.doc
[2010/06/07 10:15:20 | 000,000,024 | ---- | M] () -- C:\WINDOWS\winamp.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/30 11:09:11 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/30 11:09:08 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/30 11:07:17 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/30 11:07:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/30 11:07:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/30 11:07:17 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/30 11:07:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/30 10:55:27 | 003,724,003 | R--- | C] () -- C:\Documents and Settings\user\Desktop\Combo-Fix.exe
[2010/06/29 10:14:41 | 1039,585,280 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/14 14:10:51 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Scoatere de la intretinere.doc
[2010/06/07 10:15:20 | 000,000,024 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2010/04/30 16:14:47 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/10/22 12:48:54 | 000,003,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/10/21 10:53:11 | 002,115,496 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2009/10/21 10:31:11 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009/10/13 14:10:27 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\realbap1.dll
[2009/10/13 14:10:27 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\realbsf1.dll
[2009/10/08 11:08:56 | 000,000,040 | ---- | C] () -- C:\WINDOWS\winDecrypt.INI
[2009/09/24 14:38:42 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys
[2009/09/16 11:28:38 | 000,000,394 | ---- | C] () -- C:\WINDOWS\capture.ini
[2009/09/15 10:38:19 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/14 18:00:28 | 000,000,011 | ---- | C] () -- C:\WINDOWS\hplj520xg.ini
[2004/08/27 01:18:45 | 000,000,011 | ---- | C] () -- C:\WINDOWS\hplj5200m.ini
[2004/08/27 01:18:15 | 000,000,222 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2004/08/27 01:17:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/27 01:17:28 | 000,385,072 | ---- | C] () -- C:\WINDOWS\System32\HPRrm.dll
[2004/08/27 01:17:25 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHealr.dll
[2004/08/27 01:17:12 | 000,000,284 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2004/08/27 01:17:08 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2004/08/04 03:56:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/07/17 14:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
< End of report >
[2010/06/30 11:06:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/29 14:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2010/06/29 14:34:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/29 14:31:53 | 000,049,536 | ---- | C] (Microsoft Corporation) -- C:\cdrom.sys
[2010/06/29 10:59:46 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/29 10:59:46 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/29 10:59:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/29 10:59:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/06/29 10:12:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/06/08 13:07:51 | 000,000,000 | ---D | C] -- C:\Mozilla
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/01 11:18:18 | 015,204,352 | ---- | M] () -- C:\Documents and Settings\user\NTUSER.DAT
[2010/07/01 11:15:48 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\user\Desktop\2003.lnk
[2010/07/01 11:15:26 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-688789844-682003330-1004.job
[2010/07/01 11:15:25 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-688789844-682003330-1004.job
[2010/07/01 10:37:18 | 000,000,222 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010/07/01 09:54:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/01 09:54:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/01 09:54:16 | 1039,585,280 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/30 19:27:14 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2010/06/30 11:15:49 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/30 11:15:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/30 11:09:11 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/06/30 10:56:26 | 003,724,003 | R--- | M] () -- C:\Documents and Settings\user\Desktop\Combo-Fix.exe
[2010/06/29 14:13:50 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Revo.lnk
[2010/06/28 13:14:37 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\user\Desktop\PDF 3.lnk
[2010/06/28 09:43:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/15 09:41:55 | 000,696,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/14 16:10:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/14 16:10:40 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/14 16:00:26 | 000,006,670 | ---- | M] () -- C:\WINDOWS\fnerr.dat
[2010/06/14 14:10:51 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Scoatere de la intretinere.doc
[2010/06/07 10:15:20 | 000,000,024 | ---- | M] () -- C:\WINDOWS\winamp.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/30 11:09:11 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/30 11:09:08 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/30 11:07:17 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/30 11:07:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/30 11:07:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/30 11:07:17 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/30 11:07:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/30 10:55:27 | 003,724,003 | R--- | C] () -- C:\Documents and Settings\user\Desktop\Combo-Fix.exe
[2010/06/29 10:14:41 | 1039,585,280 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/14 14:10:51 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Scoatere de la intretinere.doc
[2010/06/07 10:15:20 | 000,000,024 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2010/04/30 16:14:47 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/10/22 12:48:54 | 000,003,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/10/21 10:53:11 | 002,115,496 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2009/10/21 10:31:11 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009/10/13 14:10:27 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\realbap1.dll
[2009/10/13 14:10:27 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\realbsf1.dll
[2009/10/08 11:08:56 | 000,000,040 | ---- | C] () -- C:\WINDOWS\winDecrypt.INI
[2009/09/24 14:38:42 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys
[2009/09/16 11:28:38 | 000,000,394 | ---- | C] () -- C:\WINDOWS\capture.ini
[2009/09/15 10:38:19 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/14 18:00:28 | 000,000,011 | ---- | C] () -- C:\WINDOWS\hplj520xg.ini
[2004/08/27 01:18:45 | 000,000,011 | ---- | C] () -- C:\WINDOWS\hplj5200m.ini
[2004/08/27 01:18:15 | 000,000,222 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2004/08/27 01:17:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/27 01:17:28 | 000,385,072 | ---- | C] () -- C:\WINDOWS\System32\HPRrm.dll
[2004/08/27 01:17:25 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHealr.dll
[2004/08/27 01:17:12 | 000,000,284 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2004/08/27 01:17:08 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2004/08/04 03:56:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/07/17 14:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

< End of report >



Re: Missing file C:\WINDOWS\system32\dllcache\cdrom.sys, not able to use the cd rom
The other report is Extras.txt:

OTL Extras logfile created on: 7/1/2010 11:21:11 AM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = D:\VIVA\Muzica\Muzica net\Muzica\WWW LA ZI
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

991.00 Mb Total Physical Memory | 575.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.68 Gb Total Space | 2.01 Gb Free Space | 10.22% Space Free | Partition Type: NTFS
Drive D: | 17.59 Gb Total Space | 2.19 Gb Free Space | 12.46% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC404
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 10.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1" (ACD Systems)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"4878:TCP" = 4878:TCP:*:Enabled:bmrcssof

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"\\Pc202\IntraNet\HP\HP5200\temp\insteng\setup.exe" = \\Pc202\IntraNet\HP\HP5200\temp\insteng\setup.exe:*:Enabled:setup.exe
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\WinMX\WinMX.exe" = C:\Program Files\WinMX\WinMX.exe:*:Enabled:Start WinMX -- (Frontcode Technologies)
"C:\Program Files\SoulseekNS\slsk.exe" = C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:Soulseek -- ()
"C:\Program Files\Strong DC\StrongDC.exe" = C:\Program Files\Strong DC\StrongDC.exe:*:Enabled:StrongDC++ -- ()
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5E25B338-257A-490D-AD11-6D619CF4A10A}" = ESET NOD32 Antivirus
"{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3
"{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{71D74FCD-8DB9-4BEB-9C9D-1D19F2E02AE3}" = Microsoft Report Viewer Redistributable 2005
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B15D35CD-C470-4131-A2DA-426C7441B11E}" = expert-monitor
"{C878CD69-85DB-426B-81A3-E71175AAEB91}" = Dealio Toolbar v4.0.2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF4947D7-2596-45CB-B124-3FA29515D394}" = Transfer.ro
"{D3C29E37-D665-439A-A3ED-8C9948A86281}" = HP LaserJet 5200
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F8B98EB6-FC06-45BF-87D4-9784E0408611}" = ACDSee 10 Photo Manager
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF0B0792-F6E7-4627-B820-EA50617E223B}" = QuarkXPress 6.1
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BSPlayer1" = BS.player
"DEX.Ro_is1" = DEX.Ro
"hp LaserJet 5100 Uninstaller" = hp LaserJet 5100 Uninstaller
"HP LaserJet 5200" = HP LaserJet 5200
"MediaCoder" = MediaCoder 0.6.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mp3tag" = Mp3tag v2.46a
"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition
"Nokia PC Suite" = Nokia PC Suite
"QuicktimeAlt_is1" = QuickTime Alternative 2.7.0
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.89
"SopCast" = SopCast 3.2.4
"Soulseek2" = SoulSeek 157 NS 13c
"uTorrent" = µTorrent
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Winmx Community 1" = Winmx Community 1
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/11/2010 9:12:50 AM | Computer Name = PC404 | Source = MsiInstaller | ID = 11706
Description = Product: Search Settings v1.2.3 -- Error 1706.No valid source could
be found for product Search Settings v1.2.3. The Windows Installer cannot continue.

Error - 6/11/2010 9:13:17 AM | Computer Name = PC404 | Source = MsiInstaller | ID = 11706
Description = Product: Search Settings v1.2.3 -- Error 1706.No valid source could
be found for product Search Settings v1.2.3. The Windows Installer cannot continue.

Error - 6/22/2010 4:02:05 AM | Computer Name = PC404 | Source = MsiInstaller | ID = 11706
Description = Product: Search Settings v1.2.3 -- Error 1706.No valid source could
be found for product Search Settings v1.2.3. The Windows Installer cannot continue.

Error - 6/28/2010 10:27:59 AM | Computer Name = PC404 | Source = MsiInstaller | ID = 11706
Description = Product: Search Settings v1.2.3 -- Error 1706.No valid source could
be found for product Search Settings v1.2.3. The Windows Installer cannot continue.

Error - 6/28/2010 10:29:54 AM | Computer Name = PC404 | Source = MsiInstaller | ID = 11706
Description = Product: Search Settings v1.2.3 -- Error 1706.No valid source could
be found for product Search Settings v1.2.3. The Windows Installer cannot continue.

Error - 6/29/2010 7:23:05 AM | Computer Name = PC404 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BF from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 6/29/2010 7:23:05 AM | Computer Name = PC404 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 6/30/2010 11:20:14 AM | Computer Name = PC404 | Source = Application Error | ID = 1000
Description = Faulting application realconverter.exe, version 1.0.2.113, faulting
module unknown, version 0.0.0.0, fault address 0x604e3dd0.

[ System Events ]
Error - 6/30/2010 4:24:11 AM | Computer Name = PC404 | Source = Service Control Manager | ID = 7023
Description = The Windows Installer service terminated with the following error:
%%126

Error - 7/1/2010 2:52:15 AM | Computer Name = PC404 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 7/1/2010 2:52:15 AM | Computer Name = PC404 | Source = Service Control Manager | ID = 7023
Description = The Windows Installer service terminated with the following error:
%%126

Error - 7/1/2010 2:54:41 AM | Computer Name = PC404 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 7/1/2010 2:54:41 AM | Computer Name = PC404 | Source = Service Control Manager | ID = 7023
Description = The Windows Installer service terminated with the following error:
%%126

Error - 7/1/2010 2:57:47 AM | Computer Name = PC404 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 7/1/2010 2:57:47 AM | Computer Name = PC404 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 7/1/2010 2:58:00 AM | Computer Name = PC404 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 7/1/2010 2:58:00 AM | Computer Name = PC404 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 7/1/2010 2:58:00 AM | Computer Name = PC404 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}


< End of report >

Error - 6/29/2010 7:23:05 AM | Computer Name = PC404 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 6/30/2010 11:20:14 AM | Computer Name = PC404 | Source = Application Error | ID = 1000
Description = Faulting application realconverter.exe, version 1.0.2.113, faulting
module unknown, version 0.0.0.0, fault address 0x604e3dd0.

[ System Events ]
Error - 6/30/2010 4:24:11 AM | Computer Name = PC404 | Source = Service Control Manager | ID = 7023
Description = The Windows Installer service terminated with the following error:
%%126

Error - 7/1/2010 2:52:15 AM | Computer Name = PC404 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 7/1/2010 2:52:15 AM | Computer Name = PC404 | Source = Service Control Manager | ID = 7023
Description = The Windows Installer service terminated with the following error:
%%126

Error - 7/1/2010 2:54:41 AM | Computer Name = PC404 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 7/1/2010 2:54:41 AM | Computer Name = PC404 | Source = Service Control Manager | ID = 7023
Description = The Windows Installer service terminated with the following error:
%%126

Error - 7/1/2010 2:57:47 AM | Computer Name = PC404 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 7/1/2010 2:57:47 AM | Computer Name = PC404 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 7/1/2010 2:58:00 AM | Computer Name = PC404 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 7/1/2010 2:58:00 AM | Computer Name = PC404 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 7/1/2010 2:58:00 AM | Computer Name = PC404 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}


< End of report >

Re: Missing file C:\WINDOWS\system32\dllcache\cdrom.sys, not able to use the cd rom

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Screenshot: CF_download_FF]

    [Screenshot: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Screenshot: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    [Screenshot: Cf510]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Missing file C:\WINDOWS\system32\dllcache\cdrom.sys, not able to use the cd rom

Hello again!
Done everything I've been told to. Here's the report:

ComboFix 10-06-30.03 - user 07/01/2010 16:00:20.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.991.468 [GMT 3:00]
Running from: c:\documents and settings\user\Desktop\Combo-Fix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Files Created from 2010-06-01 to 2010-07-01 )))))))))))))))))))))))))))))))
.

2010-06-29 14:37 . 2004-08-03 19:59 49536 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-06-29 11:35 . 2010-06-29 11:35 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2010-06-29 11:34 . 2010-06-29 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-29 11:31 . 2004-08-03 19:59 49536 ----a-w- C:\cdrom.sys
2010-06-29 07:59 . 2010-04-12 14:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-08 10:07 . 2010-06-08 10:07 -------- d-----w- C:\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-01 13:01 . 2009-09-15 08:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2010-06-30 16:06 . 2009-09-15 08:23 -------- d-----w- c:\documents and settings\user\Application Data\uTorrent
2010-06-30 15:33 . 2010-02-09 12:37 -------- d-----w- c:\program files\MediaCoder
2010-06-29 11:19 . 2009-09-16 08:09 -------- d-----w- c:\program files\Corel
2010-06-29 08:10 . 2009-10-14 12:10 -------- d-----w- c:\documents and settings\user\Application Data\dvdcss
2010-06-29 07:59 . 2010-03-10 08:22 -------- d-----w- c:\program files\Java
2010-06-28 14:26 . 2010-01-11 13:57 -------- d-----w- c:\documents and settings\user\Application Data\Search Settings
2010-06-14 13:10 . 2009-09-15 08:36 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-14 13:00 . 2009-09-16 08:28 6670 ----a-w- c:\windows\fnerr.dat
2010-06-08 13:32 . 2009-09-15 07:45 -------- d-----w- c:\program files\Directory Lister
2010-05-27 07:44 . 2010-05-27 07:44 503808 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22fd6906-n\msvcp71.dll
2010-05-27 07:44 . 2010-05-27 07:44 499712 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22fd6906-n\jmc.dll
2010-05-27 07:44 . 2010-05-27 07:44 348160 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22fd6906-n\msvcr71.dll
2010-05-27 07:44 . 2010-05-27 07:44 61440 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1c4906e8-n\decora-sse.dll
2010-05-27 07:44 . 2010-05-27 07:44 12800 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1c4906e8-n\decora-d3d.dll
2010-05-21 12:02 . 2010-05-21 11:33 -------- d-----w- c:\documents and settings\user\Application Data\Mp3tag
2010-05-21 11:33 . 2010-05-21 11:32 -------- d-----w- c:\program files\Mp3tag
2010-05-18 07:51 . 2010-05-04 12:52 -------- d-----w- c:\documents and settings\user\Application Data\ProSoft ++
2010-05-17 06:38 . 2009-09-15 08:23 -------- d-----w- c:\program files\uTorrent
2010-04-28 08:23 . 2010-04-28 08:23 862872 ------w- c:\documents and settings\user\Application Data\Yahoo!\SearchProtection\fudogs_2.0.1.13_msgr_bts_setup.2010.04.01.01.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-06-30_08.15.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-01 06:54 . 2010-07-01 06:54 16384 c:\windows\Temp\Perflib_Perfdata_6e4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Network Registry Agent"="c:\windows\system32\hpnra.exe" [2000-10-26 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-11 202256]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-12-16 2136760]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 577536]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"\\\\Pc202\\IntraNet\\HP\\HP5200\\temp\\insteng\\setup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Strong DC\\StrongDC.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4878:TCP"= 4878:TCP:bmrcssof

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [9/24/2009 6:40 AM 19592]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [12/16/2009 11:18 PM 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/16/2009 11:18 PM 95872]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [1/8/2010 1:51 AM 380928]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/16/2009 11:18 PM 806000]
R3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [8/27/2004 3:30 AM 166720]
S2 pwtaryoul;Windows Installer;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 3:56 AM 14336]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [9/24/2009 2:38 PM 22528]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [6/17/2009 3:01 PM 25480]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pwtaryoul
.
Contents of the 'Scheduled Tasks' folder

2010-07-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-688789844-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-07-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-688789844-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.ro/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\k0osh9ig.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-01 16:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-07-01 16:08:32
ComboFix-quarantined-files.txt 2010-07-01 13:08

Pre-Run: 2,072,756,224 bytes free
Post-Run: 2,084,462,592 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - B81C9EFC2A2D2345ABB19BB182852A62

Re: Missing file C:\WINDOWS\system32\dllcache\cdrom.sys, not able to use the cd rom

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:


    KILLALL::

    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4878:TCP"=-

    Driver::
    pwtaryoul

    NetSvc::
    pwtaryoul

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [Screenshot: Cfscriptb4i]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Re: Missing file C:\WINDOWS\system32\dllcache\cdrom.sys, not able to use the cd rom

Hello again!

ComboFix 10-06-30.03 - user 07/01/2010 16:28:55.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.991.597 [GMT 3:00]
Running from: c:\documents and settings\user\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PWTARYOUL
-------\Service_pwtaryoul


((((((((((((((((((((((((( Files Created from 2010-06-01 to 2010-07-01 )))))))))))))))))))))))))))))))
.

2010-06-29 14:37 . 2004-08-03 19:59 49536 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-06-29 11:35 . 2010-06-29 11:35 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2010-06-29 11:34 . 2010-06-29 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-29 11:31 . 2004-08-03 19:59 49536 ----a-w- C:\cdrom.sys
2010-06-29 07:59 . 2010-04-12 14:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-08 10:07 . 2010-06-08 10:07 -------- d-----w- C:\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-01 13:18 . 2009-09-15 08:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2010-06-30 16:06 . 2009-09-15 08:23 -------- d-----w- c:\documents and settings\user\Application Data\uTorrent
2010-06-30 15:33 . 2010-02-09 12:37 -------- d-----w- c:\program files\MediaCoder
2010-06-29 11:19 . 2009-09-16 08:09 -------- d-----w- c:\program files\Corel
2010-06-29 08:10 . 2009-10-14 12:10 -------- d-----w- c:\documents and settings\user\Application Data\dvdcss
2010-06-29 07:59 . 2010-03-10 08:22 -------- d-----w- c:\program files\Java
2010-06-28 14:26 . 2010-01-11 13:57 -------- d-----w- c:\documents and settings\user\Application Data\Search Settings
2010-06-14 13:10 . 2009-09-15 08:36 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-14 13:00 . 2009-09-16 08:28 6670 ----a-w- c:\windows\fnerr.dat
2010-06-08 13:32 . 2009-09-15 07:45 -------- d-----w- c:\program files\Directory Lister
2010-05-27 07:44 . 2010-05-27 07:44 503808 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22fd6906-n\msvcp71.dll
2010-05-27 07:44 . 2010-05-27 07:44 499712 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22fd6906-n\jmc.dll
2010-05-27 07:44 . 2010-05-27 07:44 348160 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22fd6906-n\msvcr71.dll
2010-05-27 07:44 . 2010-05-27 07:44 61440 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1c4906e8-n\decora-sse.dll
2010-05-27 07:44 . 2010-05-27 07:44 12800 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1c4906e8-n\decora-d3d.dll
2010-05-21 12:02 . 2010-05-21 11:33 -------- d-----w- c:\documents and settings\user\Application Data\Mp3tag
2010-05-21 11:33 . 2010-05-21 11:32 -------- d-----w- c:\program files\Mp3tag
2010-05-18 07:51 . 2010-05-04 12:52 -------- d-----w- c:\documents and settings\user\Application Data\ProSoft ++
2010-05-17 06:38 . 2009-09-15 08:23 -------- d-----w- c:\program files\uTorrent
2010-04-28 08:23 . 2010-04-28 08:23 862872 ------w- c:\documents and settings\user\Application Data\Yahoo!\SearchProtection\fudogs_2.0.1.13_msgr_bts_setup.2010.04.01.01.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-06-30_08.15.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-01 13:37 . 2010-07-01 13:37 16384 c:\windows\temp\Perflib_Perfdata_60c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Network Registry Agent"="c:\windows\system32\hpnra.exe" [2000-10-26 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-11 202256]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-12-16 2136760]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 577536]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"\\\\Pc202\\IntraNet\\HP\\HP5200\\temp\\insteng\\setup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Strong DC\\StrongDC.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [9/24/2009 6:40 AM 19592]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [12/16/2009 11:18 PM 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/16/2009 11:18 PM 95872]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [1/8/2010 1:51 AM 380928]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/16/2009 11:18 PM 806000]
R3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [8/27/2004 3:30 AM 166720]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [9/24/2009 2:38 PM 22528]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [6/17/2009 3:01 PM 25480]
.
Contents of the 'Scheduled Tasks' folder

2010-07-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-688789844-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-07-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-688789844-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.ro/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\k0osh9ig.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-01 16:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Completion time: 2010-07-01 16:41:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-01 13:41
ComboFix2.txt 2010-07-01 13:08

Pre-Run: 2,087,022,592 bytes free
Post-Run: 1,997,627,392 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 6A71A02255055E479114A7B90E6FFE25
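
An added example, not part of the thread and not ComboFix's own logic: a small parser for the driver/service lines and the NetSvcs section of ComboFix logs like the two above, which flags the svchost-hosted service the CFScript targeted and confirms it is gone after the run. The sample lines are copied from this thread's logs; the function names are hypothetical, and the code assumes, as these logs suggest, that the NetSvcs section lists only entries ComboFix treats as non-default.

```python
import re

# Excerpt copied from the first ComboFix log in this thread (before the CFScript run).
LOG_BEFORE = r"""
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [12/16/2009 11:18 PM 114984]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/16/2009 11:18 PM 806000]
S2 pwtaryoul;Windows Installer;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 3:56 AM 14336]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [9/24/2009 2:38 PM 22528]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pwtaryoul
.
Contents of the 'Scheduled Tasks' folder
"""

# Excerpt copied from the second log (after the CFScript run).
LOG_AFTER = r"""
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [12/16/2009 11:18 PM 114984]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/16/2009 11:18 PM 806000]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [9/24/2009 2:38 PM 22528]
.
Contents of the 'Scheduled Tasks' folder
"""

# "<state><start> name;display name;image path [timestamp size]"
# state: R = running, S = stopped; start: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled.
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?) \[(?P<stamp>[^\]]+)\]$"
)
NETSVCS_HEADER = re.compile(r"\\Svchost - NetSvcs\s*$", re.IGNORECASE)

# Display name -> real service key name. The Windows Installer service is
# registered as MSIServer (general Windows fact, not stated in the thread).
KNOWN_DISPLAY_NAMES = {"windows installer": "msiserver"}


def parse_services(log):
    """Return one dict per driver/service line found in the log text."""
    services = []
    for line in log.splitlines():
        match = SERVICE_LINE.match(line.strip())
        if match:
            services.append(match.groupdict())
    return services


def parse_netsvcs(log):
    """Return the names listed under the 'Svchost - NetSvcs' header."""
    names, in_section = [], False
    for line in log.splitlines():
        text = line.strip()
        if NETSVCS_HEADER.search(text):
            in_section = True
            continue
        if in_section:
            if text in ("", "."):  # the section ends at a blank or "." line
                break
            names.append(text)
    return names


def suspicious_services(log):
    """Return (service name, reasons) pairs that deserve a manual look."""
    listed = {name.lower() for name in parse_netsvcs(log)}
    findings = []
    for svc in parse_services(log):
        reasons = []
        name = svc["name"].lower()
        image = svc["image"].lower()
        hosted = "svchost.exe" in image and "-k netsvcs" in image
        if hosted and name in listed:
            reasons.append("svchost netsvcs service that the log lists under NetSvcs")
        expected = KNOWN_DISPLAY_NAMES.get(svc["display"].lower())
        if expected and name != expected:
            reasons.append("display name belongs to service " + expected)
        if reasons:
            findings.append((svc["name"], reasons))
    return findings


if __name__ == "__main__":
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        print(label, suspicious_services(log))
```

A flagged entry is a prompt for review by someone who reads these logs, not a removal decision in itself.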

Re: Missing file C:\WINDOWS\system32\dllcache\cdrom.sys, not able to use the cd rom

Hello.
Not much to do now.

I see that you are running µTorrent.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    µTorrent
    J2SE Runtime Environment 5.0 Update 1

Please download Firefox 3.6.6 and install it. It will install over version 3.6.3 you currently have installed, so you won't lose any bookmarked websites.

Download and install VLC Player 1.0.5
When installing, it will ask if you want to uninstall the old version first before it can install the new version, so please select yes and allow it to install.


Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Re: Missing file C:\WINDOWS\system32\dllcache\cdrom.sys, not able to use the cd rom

Hello again!
I've done everything as you said, and now I'm scanning my computer with ONLINE ESET NOD. But it will take me about 5 hours, like it took me on my last OFFLINE scanning. So I guess I have to give up for today and resume the whole process tomorrow. Anyway, thanks a lot for your patience and your assistance. See you tomorrow, I hope. See you! Bye!

Re: Missing file C:\WINDOWS\system32\dllcache\cdrom.sys, not able to use the cd rom

Hello again!
The scanning of my computer with ONLINE ESET NOD is now completed. Everything is fine. No threats on my computer. So, what's the next step?
Thank you very much!

Re: Missing file C:\WINDOWS\system32\dllcache\cdrom.sys, not able to use the cd rom

Here's the log report:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=54e56981bd7aff49ba91e7d84b23ec59
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-01 02:55:27
# local_time=2010-07-01 05:55:27 (+0200, E. Europe Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 17457222 17457222 0 0
# compatibility_mode=8199 39157157 100 100 6560 17004563 0 0
# scanned=400
# found=0
# cleaned=0
# scan_time=557
# nod_component=V3 Build:0x30000000
# version=7
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=54e56981bd7aff49ba91e7d84b23ec59
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-02 09:44:27
# local_time=2010-07-02 12:44:27 (+0200, E. Europe Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 17520977 17520977 0 0
# compatibility_mode=8199 39157157 100 100 586 17068318 0 0
# scanned=66175
# found=0
# cleaned=0
# scan_time=4543
# nod_component=V3 Build:0x30000000

Re: Missing file C:\WINDOWS\system32\dllcache\cdrom.sys, not able to use the cd rom

How is the machine running now?


Re: Missing file C:\WINDOWS\system32\dllcache\cdrom.sys, not able to use the cd rom

Hello again!
The machine is running fine, it's just that I can't see my CD/DVD unit anymore.

Re: Missing file C:\WINDOWS\system32\dllcache\cdrom.sys, not able to use the cd rom

Okay, please re-run OTL and post the new log.


Re: Missing file C:\WINDOWS\system32\dllcache\cdrom.sys, not able to use the cd rom

Hello again!
Here's the new OTL report:

OTL logfile created on: 7/5/2010 9:22:21 AM - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = D:\KITURI\Kaspersky Internet Security 7.0.0.125
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

991.00 Mb Total Physical Memory | 686.00 Mb Available Physical Memory | 69.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.68 Gb Total Space | 1.43 Gb Free Space | 7.25% Space Free | Partition Type: NTFS
Drive D: | 17.59 Gb Total Space | 1.87 Gb Free Space | 10.64% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC404
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/01 10:23:18 | 000,574,464 | ---- | M] (OldTimer Tools) -- D:\KITURI\Kaspersky Internet Security 7.0.0.125\OTL.exe
PRC - [2010/03/11 13:50:19 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/01/08 01:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2009/12/16 23:18:34 | 000,806,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/12/16 23:18:24 | 002,136,760 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2006/03/01 16:22:04 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005/03/14 23:35:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\hpzipm12.exe
PRC - [2004/08/04 03:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2000/10/26 16:21:58 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hpnra.exe


========== Modules (SafeList) ==========

MOD - [2010/07/01 10:23:18 | 000,574,464 | ---- | M] (OldTimer Tools) -- D:\KITURI\Kaspersky Internet Security 7.0.0.125\OTL.exe
MOD - [2004/08/04 03:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 02:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/01/08 01:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009/12/16 23:19:48 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/12/16 23:18:34 | 000,806,000 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/10/27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/03/14 23:35:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009/12/16 23:18:56 | 000,095,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/12/16 23:18:28 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/12/16 23:17:00 | 000,138,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/09/24 14:38:42 | 000,022,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2009/09/24 06:40:12 | 000,019,592 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2009/06/17 15:01:42 | 000,025,480 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006/04/21 11:16:44 | 003,964,352 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 01:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2001/08/17 15:50:34 | 000,166,720 | ---- | M] (S3 Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3m.sys -- (s3m)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.ro/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {9b5612b3-3786-4e7e-af06-2ace545e6a97}:1.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/11 13:56:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/01 17:29:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/02 11:16:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/03/24 16:57:37 | 000,000,000 | ---D | M]

[2009/09/15 10:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2010/06/30 18:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\k0osh9ig.default\extensions
[2010/04/08 09:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\k0osh9ig.default\extensions\{9b5612b3-3786-4e7e-af06-2ace545e6a97}
[2010/04/07 16:43:40 | 000,002,052 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\k0osh9ig.default\searchplugins\dex-online.xml
[2010/07/02 11:17:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/07/01 16:37:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [HP Network Registry Agent] C:\WINDOWS\system32\hpnra.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.14.6.100 193.16.148.10
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Application Data\ACD Systems\ACDSee\ACD Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Application Data\ACD Systems\ACDSee\ACD Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/27 00:39:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/02 14:18:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/07/02 10:16:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/07/01 17:39:27 | 000,000,000 | --SD | C] -- C:\Combo-Fix
[2010/07/01 17:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\vlc
[2010/07/01 16:47:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/01 16:33:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/06/30 11:09:06 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/30 11:07:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/29 14:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2010/06/29 14:34:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/29 14:31:53 | 000,049,536 | ---- | C] (Microsoft Corporation) -- C:\cdrom.sys
[2010/06/29 10:59:46 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/29 10:59:46 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/29 10:59:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/29 10:59:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/06/29 10:12:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/06/08 13:07:51 | 000,000,000 | ---D | C] -- C:\Mozilla
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/05 09:19:44 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-688789844-682003330-1004.job
[2010/07/05 09:19:44 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-688789844-682003330-1004.job
[2010/07/05 09:14:35 | 015,204,352 | ---- | M] () -- C:\Documents and Settings\user\NTUSER.DAT
[2010/07/05 09:14:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/05 09:14:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/05 09:14:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/05 09:14:07 | 1039,585,280 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/02 19:00:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/02 18:52:03 | 000,000,335 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010/07/02 18:51:52 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\user\Desktop\2003.lnk
[2010/07/02 11:07:59 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2010/07/01 17:33:33 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC.lnk
[2010/07/01 17:29:52 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/01 17:29:52 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Firefox.lnk
[2010/07/01 16:38:04 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/01 16:37:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/30 11:09:11 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/06/29 14:13:50 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Revo.lnk
[2010/06/28 13:14:37 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\user\Desktop\PDF 3.lnk
[2010/06/15 09:41:55 | 000,696,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/14 16:10:40 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/14 16:00:26 | 000,006,670 | ---- | M] () -- C:\WINDOWS\fnerr.dat
[2010/06/14 14:10:51 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Scoatere de la intretinere.doc
[2010/06/07 10:15:20 | 000,000,024 | ---- | M] () -- C:\WINDOWS\winamp.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/30 11:09:11 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/30 11:09:08 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/29 10:14:41 | 1039,585,280 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/14 14:10:51 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Scoatere de la intretinere.doc
[2010/06/07 10:15:20 | 000,000,024 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2010/04/30 16:14:47 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/10/22 12:48:54 | 000,003,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/10/21 10:53:11 | 002,115,496 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2009/10/21 10:31:11 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009/10/13 14:10:27 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\realbap1.dll
[2009/10/13 14:10:27 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\realbsf1.dll
[2009/10/08 11:08:56 | 000,000,040 | ---- | C] () -- C:\WINDOWS\winDecrypt.INI
[2009/09/24 14:38:42 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys
[2009/09/16 11:28:38 | 000,000,394 | ---- | C] () -- C:\WINDOWS\capture.ini
[2009/09/15 10:38:19 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/14 18:00:28 | 000,000,011 | ---- | C] () -- C:\WINDOWS\hplj520xg.ini
[2004/08/27 01:18:45 | 000,000,011 | ---- | C] () -- C:\WINDOWS\hplj5200m.ini
[2004/08/27 01:18:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2004/08/27 01:17:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/27 01:17:28 | 000,385,072 | ---- | C] () -- C:\WINDOWS\System32\HPRrm.dll
[2004/08/27 01:17:25 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHealr.dll
[2004/08/27 01:17:12 | 000,000,284 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2004/08/27 01:17:08 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2004/08/04 03:56:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/07/17 14:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
< End of report >
[2010/07/05 09:25:56 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\user\ntuser.dat.LOG
[2010/07/05 09:19:44 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-688789844-682003330-1004.job
[2010/07/05 09:19:44 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-688789844-682003330-1004.job
[2010/07/05 09:14:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\user\Cookies
[2010/07/05 09:14:35 | 015,204,352 | ---- | M] () -- C:\Documents and Settings\user\NTUSER.DAT
[2010/07/05 09:14:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/05 09:14:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/05 09:14:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/02 19:00:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/02 18:56:10 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\user\Recent
[2010/07/02 18:52:03 | 000,000,335 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010/07/02 18:51:52 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\user\Desktop\2003.lnk
[2010/07/02 18:02:47 | 000,000,000 | R--D | M] -- C:\Documents and Settings\user\Favorites
[2010/07/02 16:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\vlc
[2010/07/02 16:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2010/07/02 15:49:39 | 000,000,000 | ---D | M] -- C:\Program Files\MediaCoder
[2010/07/02 11:17:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/07/02 11:10:05 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2010/07/02 11:07:59 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2010/07/02 10:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Desktop
[2010/07/02 10:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Desktop
[2010/07/02 10:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/07/02 10:17:42 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/07/02 10:12:05 | 000,000,000 | ---D | M] -- C:\Program Files\Musicmatch
[2010/07/02 10:11:18 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\user\SendTo
[2010/07/02 10:09:21 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2010/07/01 17:42:45 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2010/07/01 17:34:00 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\user\Application Data
[2010/07/01 17:33:33 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC.lnk
[2010/07/01 17:29:52 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/01 17:29:52 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Firefox.lnk
[2010/07/01 17:10:21 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/07/01 17:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\uTorrent
[2010/07/01 16:41:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\user\Local Settings
[2010/07/01 16:38:04 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/01 16:37:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/29 14:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2010/06/29 14:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/29 14:19:08 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2010/06/29 14:13:50 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Revo.lnk
[2010/06/29 11:36:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\user\NetHood
[2010/06/29 11:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\dvdcss
[2010/06/28 17:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Search Settings
[2010/06/28 13:14:37 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\user\Desktop\PDF 3.lnk
[2010/06/15 09:41:55 | 000,696,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/14 16:10:40 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/14 16:00:26 | 000,006,670 | ---- | M] () -- C:\WINDOWS\fnerr.dat
[2010/06/14 14:11:56 | 000,000,000 | R--D | M] -- C:\Documents and Settings\user\My Documents
[2010/06/14 14:10:51 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Scoatere de la intretinere.doc
[2010/06/08 16:32:50 | 000,000,000 | ---D | M] -- C:\Program Files\Directory Lister
[2010/06/07 10:15:20 | 000,000,024 | ---- | M] () -- C:\WINDOWS\winamp.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< End of report >

Re: Missing file C:\WINDOWS\system32\dllcache\cdrom.sys, not able to use the cd rom

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Re: Missing file C:\WINDOWS\system32\dllcache\cdrom.sys, not able to use the cd rom

Hello again!
Here's the result:

========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.

OTL by OldTimer - Version 3.2.7.0 log created on 07062010_142534

Re: Missing file C:\WINDOWS\system32\dllcache\cdrom.sys, not able to use the cd rom

Okay, can you see your drives now? There was a policy on the machine that does that.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
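
Added example, not part of the thread or of OTL: NoDrives is a bitmask in which bit 0 hides A: and bit 25 hides Z:, so decoding it shows whether the policy can account for a particular missing drive letter. The sketch assumes the `O7 - <hive>\<key>: NoDrives = <value>` line layout seen in this thread and decimal or 0x-prefixed values; every sample line except the first is constructed.

```python
import re
import string

# Layout assumed from the thread: "O7 - <HIVE>\<key path>: NoDrives = <value>"
O7_NODRIVES = re.compile(
    r"^\s*O7\s+-\s+(HKLM|HKCU)\\.+?:\s*NoDrives\s*=\s*(\S+)\s*$", re.IGNORECASE)

# First line is the entry from this thread; the others are constructed samples.
SAMPLE_LINES = [
    r"O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0",
    r"O7 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 16",
    r"O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0x03FFFFFF",
    r"O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = junk",
]

def hidden_drives(mask):
    """Return the drive letters hidden by a NoDrives mask (bit 0 = A ... bit 25 = Z)."""
    return [letter for bit, letter in enumerate(string.ascii_uppercase)
            if (mask >> bit) & 1]

def parse_value(text):
    # Assumption: the log prints the DWORD in decimal or as 0x-prefixed hex.
    return int(text, 16) if text.lower().startswith("0x") else int(text)

def audit(lines):
    """Return (hive, raw value, hidden letters) per NoDrives line; letters is None if unparseable."""
    findings = []
    for line in lines:
        match = O7_NODRIVES.match(line)
        if not match:
            continue
        hive, raw = match.group(1).upper(), match.group(2)
        try:
            findings.append((hive, raw, hidden_drives(parse_value(raw))))
        except ValueError:
            findings.append((hive, raw, None))  # keep the entry for manual review
    return findings

def explains_missing_drive(findings, letter):
    """True only if some parsed policy value actually hides the given drive letter."""
    return any(drives is not None and letter.upper() in drives
               for _hive, _raw, drives in findings)

if __name__ == "__main__":
    for hive, raw, drives in audit(SAMPLE_LINES):
        print(hive, raw, "unparseable" if drives is None else (drives or "hides nothing"))
```

A value of 0 decodes to an empty list, so a policy entry with that value hides no drive letters.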

Re: Missing file C:\WINDOWS\system32\dllcache\cdrom.sys, not able to use the cd rom

Hello again!
I'm sorry to say that, but I'm still not able to see my E drive unit, CD/DVD rom unit. What do you think I shall do?
Thank you!
